| Author |
 Topic Search  Topic Options
|
superlative 
Groupie
Not Comparative, I m Superlative :)
Joined: 26 November 2004
Location: Turkey
Status: Offline
Points: 125
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: About RSS Topic & Post Feeds
Posted: 22 May 2006 at 9:42pm |
Hi all,
I have got a suggestion. May be an option for the RSS buttons. I have got a idea :
If user want to follow to posts or topics and normally guests do not have permission to access to forums, User can not follow topics or posts via RSS, May be a option for the Admin menu, if user access to RSS button copy link shortcut and follow to RSS links or dont follow. I hope this feature become in new versions. Currently our forums do not accept to guests for this reason our user dont follow RSS feeds. I modify RSS asp pages. I know this will become a security bug. Somebody discover a topic ID and access content via RSS. Maybe user check system will be integrated to RSS viewer asp pages. I am working on this.
|
|
|
 |
jsaren
Groupie
Joined: 15 April 2006
Location: China
Status: Offline
Points: 95
|
Post Options
Thanks(0)
Quote Reply
Posted: 23 May 2006 at 11:30pm |
|
good!
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 24 May 2006 at 8:35am |
|
The original RSS Feed I made for the forum did include permissions, but this was removed for 2 reasons, 1 was performance, and the other was that RSS Feeds are meant to be viewed in an RSS News Aggragator, and as RSS News Aggragators are not able to login into forums there is little point in having a permissions system included in the RSS Feed, so RSS Feeds only work on Guest permissions.
|
|
|
|
superlative
Groupie
Not Comparative, I m Superlative :)
Joined: 26 November 2004
Location: Turkey
Status: Offline
Points: 125
|
Post Options
Thanks(0)
Quote Reply
Posted: 14 June 2006 at 11:51pm |
Hi Again Borg;
Can you use cookie authentication for RSS News Reader ? For special reasons we close our forum to guests. Only members can display. For this reason members can not follow our forum via RSS. If cookies support this maybe work. Or simple auth system may be add to RSS asp pages.
For Example :
Author ID and excrypted password send to RSS pages and simple check user permissions.
insted of
Then RSS page check AID (Author ID) and encyrpted PW, then appyle user permissions. Also, members can follow forum via RSS. Sory for my bad english grammar. Borg I hope you understand me :)
|
|
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 15 June 2006 at 8:25am |
|
By using the method you mention using permanent ID within a URL would open a huge security hole that hackers could easily use to hack the forum and gain access to information that they shouldn't be allowed to view.
Cookies to do the same thing also would not be secure, and most RSS Readers do not support cookies.
Edited by -boRg- - 15 June 2006 at 8:26am
|
|
|
|
superlative
Groupie
Not Comparative, I m Superlative :)
Joined: 26 November 2004
Location: Turkey
Status: Offline
Points: 125
|
Post Options
Thanks(0)
Quote Reply
Posted: 15 June 2006 at 9:08am |
Borg I explained as wrong, ID is not permanent. Hackers can forund AID (Author ID) but can not find PW. Because PW is encryted user password. RSS links different for each user. For example :
User 1 :
User name : Borg, AID (Author ID) : 1, Real PW : 1234, Encrypted PW : sdfs545d4f5645s, Permission for WWF 8x Support : Access, RSS Link :
User 2 :
User name : superlative, AID (Author ID) : 18438, Real PW : 369874, Encrypted PW : sdfsuyuewrjhss, Permission for WWF 8x Support : No Access, RSS Link : N/A (Because No Access forum)
In This case, User 1 copy his own RSS link to RSS Reader software and RSS asp page decrypt to PW and check the user permission. If OK publish content.
User 2 do not access the same forum. I am not hacker but this way very secure for RSS. RSS links generate for each member who have got access right. If guest access OK, bypass this security system for improve performance.
|
|
|
|
SUJO
Newbie
Joined: 25 July 2005
Location: Slovenia
Status: Offline
Points: 26
|
Post Options
Thanks(0)
Quote Reply
Posted: 15 June 2006 at 9:54am |
I agree with -boRg- here. The RSS itself was designed to be available to everyone who wants to use it. It's like going into a supermarket - everybody can go in, and everybody can buy anything (except the things they keep in stock  ). It is also encouraging. By providing the RSS feed to others, they just might get interested enough to go to your page and register - for more, or just to keep up. You have no idea how many feeds can/are being read...(you could be gaining people by not even knowing of it). Also, RSS does not include topics/threads/pages that you do not want to - eg. the permissions for forums you set. So - why would you want to complicate things where/when they are not necessary?
|
|
superlative
Groupie
Not Comparative, I m Superlative :)
Joined: 26 November 2004
Location: Turkey
Status: Offline
Points: 125
|
Post Options
Thanks(0)
Quote Reply
Posted: 15 June 2006 at 10:15am |
SUJO, I like your supermarket imitation. But this is not interested in our case.
By providing the RSS feed to others, they just might get interested enough to go to your page and register
You wrote this, If you dont give access permission to guest, anybody follow content via RSS Feed. But guests register and be member and read content via forum (Not RSS)
RSS Feeds is not only for computer users. Visitors read content via mobile phone. Many software exist for smartphones.
RSS Feeds nice feature. Some members want to follow forums, blogs via RSS. If you want to reply they will go to forum. In this case we don't discussion RSS benefits/injuries. We discussion :
How to give to RSS access permission to our members without any security hole. isn't it ?
|
|
|
|
